Details

This update has been rated as having moderate security impact by the RedHat Security Response Team.

The Apache HTTP Server is a popular Web server.

A flaw was found in the way the TLS/SSL (Transport Layer Security/SecureSockets Layer) protocols handle session renegotiation. A man-in-the-middleattacker could use this flaw to prefix arbitrary plain text to a client'ssession (for example, an HTTPS connection to a website). This could forcethe server to process an attacker's request as if authenticated using thevictim's credentials. This update partially mitigates this flaw for SSLsessions to HTTP servers using mod_ssl by rejecting client-requestedrenegotiation. (CVE-2009-3555)

Note: This update does not fully resolve the issue for HTTPS servers. Anattack is still possible in configurations that require a server-initiatedrenegotiation. Refer to the following Knowledgebase article for furtherinformation: http://kbase.redhat.com/faq/docs/DOC-20491

A NULL pointer dereference flaw was found in the Apache mod_proxy_ftpmodule. A malicious FTP server to which requests are being proxied coulduse this flaw to crash an httpd child process via a malformed reply to theEPSV or PASV commands, resulting in a limited denial of service.(CVE-2009-3094)

A second flaw was found in the Apache mod_proxy_ftp module. In a reverseproxy configuration, a remote attacker could use this flaw to bypassintended access restrictions by creating a carefully-crafted HTTPAuthorization header, allowing the attacker to send arbitrary commands tothe FTP server. (CVE-2009-3095)